Dr. William Jeffrey, Chair Technical Guidelines Development Committee
Briefing for the Election Assistance Commission
Public Meeting
Washington, D.C.
December 7, 2006
Introduction
Good morning and thank you for the opportunity to address the Election Assistance
Commission (EAC). I am Dr. William Jeffrey, Director of the National Institute of
Standards and Technology. I am also, as specified by the Help America Vote Act of
2002, the Chair of the Technical Guidelines Development Committee (TGDC). The
TGDC advises the EAC. In July of 2007, the TGDC will deliver to the EAC a new
version of the Voluntary Voting Systems Guidelines (VVSG), referred to as VVSG 2007,
for the EAC's consideration and action. The TGDC just completed two days of meetings
earlier this week and I will give you a brief update on the committee's work and actions.
First, however, some recent news accounts regarding electronic voting systems contained
in one of the reports discussed at the TGDC raised the question of whether the report's
recommendations represented the official position of NIST. This draft report was
prepared by staff at NIST working with the Security and Transparency Subcommittee of
the TGDC at their request -- to serve as a point of discussion at the meetings. The report
was a discussion draft and did not represent a consensus view or recommendation from
either NIST or the TGDC.
Major Deliverables to the EAC
Before I discuss the outcome of the TGDC meeting, let me briefly describe two major
deliverables NIST will provide to the EAC. Besides the new VVSG, we also are
delivering to the EAC in the near future a list of Voting System Testing Laboratories (or
VSTLs) that have been accredited by NIST's National Voluntary Laboratory Assessment
Program (NVLAP). The EAC will consider these testing laboratories for EAC
accreditation. This will result in an improved voting systems testing and certification
process.
We also will deliver a set of test suites for the requirements in VVSG 2007. NIST will be
developing these test suites beginning in 2007. The test suites will serve as a common
basis for testing of voting systems so that testing, regardless of the test laboratory, will be
more uniform and consistent.
Major Differences Between VVSG 2005 and VVSG 2007
The VVSG we are delivering next July would apply to future voting systems at a time to
be determined by the EAC.
VVSG 2005 contained new material in Usability, Accessibility, and Security, but much
of the remaining material was taken from the 2002 VSS (Voting System Standards).
VVSG 2007 will be a complete rewrite of VVSG 2005, with new material and
considerable updates. VVSG 2007's requirements will be more precise, directly testable,
and clearer to voting system vendors and test laboratories; thus we expect an overall
improvement in voting system quality and testing.
In the area of usability and accessibility:
· Usability performance benchmarks are currently being researched; these
benchmarks will result in much more accurate and realistic usability performance
metrics (and voting systems that are easier to use).
· Accessibility requirements also are being updated.
· Finally, there are updates to requirements for: alternative languages,
documentation, plain language, and voter and system response timing.
In the area of security:
· A major change is that VVSG 2007 will require new voting systems to be
software-independent. This means that the accuracy of the election will not rely
exclusively on the accuracy of the voting system software; the accuracy of the
system's electronic records will be able to be independently audited against a
voter-verified record.
· The only systems that do this currently are paper-based, such as optical scan.
However, the TGDC is including a provision for researchers or developers to
create new and innovative, possibly paperless, voting system approaches that
would still be independently auditable and conform to the VVSG 2007. This may
include newer, cryptographic-based systems that potentially promise greater
usability and accessibility, as well as security.
· There also will be requirements to improve the accessibility of paper-based
systems, and requirements to improve the reliability and usability of
Voter-Verified Paper Audit Trail (VVPAT) systems for those jurisdictions who
choose to use this approach.
· In VVSG 2007, Radio-Frequency (RF) wireless will no longer be permitted for
use on voting systems.
· With respect to testing, there will be requirements for test labs to conduct
open-ended vulnerability testing on voting systems to search for vulnerabilities.
· Setup validation requirements also are being updated to permit inspection of
whether a voting system's installed software is the correct software.
· Finally, other security areas being updated include access control, auditing,
cryptography, event logging, and physical security.
In the core requirements area:
· Voting system quality, reliability (mean time between failure), and accuracy
requirements are being written to improve voting system design and testing
techniques for ensuring that voting systems are robust and work properly.
· To promote quality systems, requirements for vendors to comply with ISO
9000/9001 are being examined.
· With respect to Commercial Off-The-Shelf (COTS) software or hardware, both
requirements and testing issues such as whether to exclude certain COTS products
from in-depth source code reviews are being examined.
· Finally, conventions for software coding also are being examined, including
requiring software languages that contain improved integrity and security
constructs.
Lastly, the VVSG itself will be written to be more readable and usable to all audiences.
Summary of Recent TGDC Meetings and Subcommittee Teleconferences:
Now, I'll discuss the recent TGDC meeting and some of its highlights. There have been
seven TGDC meetings over the past two years, the most recent being December 4 and 5.
The TGDC is divided into three subcommittees. Since the last TGDC meeting in April
2006, there have been a total of 47 subcommittee teleconferences. NIST staff support the
subcommittees through research, developing draft material, and the subcommittee
members subsequently make recommendations to the TGDC as a whole.
The recent December meeting was perhaps the most important to date; it resulted in
major recommendations for EAC action, including:
· Requiring software-independence in future voting systems -- this means that
future voting systems must use verifiable voting records for independent audits.
· Creating a process to include new and innovative voting systems with greater
usability, accessibility, and security.
· Prohibiting RF wireless in future voting systems.
· Improving the methods for measuring reliability and accuracy of voting systems.
· Improving and updating the usability and accessibility requirements.
· Improving requirements for the overall reliability of VVPAT voting systems.
Plans for the Next Seven Months:
We have seven months left to complete the research that will be embodied in VVSG
2007. Research will be completed for the usability performance benchmarks and
requirements will be updated. Requirements for implementing software independence
and other security improvements will be completed.
There will be a focus on requirements for voting systems to be more reliable and usable
both for voters and election officials. NVLAP will continue to investigate accreditation
for several other laboratories that have applied. There will be one or two additional
TGDC meetings and roughly 40 teleconferences before we are done. VVSG 2007 will be
delivered to the EAC in July 2007. The test development will start based upon FY 2007
appropriations.
Future Plans After July 2007:
After delivery of the VVSG to the EAC, NIST is prepared to assist the EAC in vetting the
VVSG with other organizations, including:
· the EAC's Standards Board
· the Access Board
· other voting-related organizations such as the National Association of State
Election Directors (NASED) and the National Association of Secretaries of State
(NASS).
The EAC will conduct a public review of the VVSG and NIST would be happy to assist
the EAC, if requested, to perform research in response to comments received.
Conclusion
NIST is pleased to be working on this matter of national importance with our EAC and
TGDC partners. NIST has a long history of writing voluntary standards and guidelines
and developing test suites to help ensure compliance to these standards and guidelines.
NIST is using its expertise to work with our partners to produce precise, testable voting
system guidelines and tests that will reduce voting system errors and increase voter
confidence, usability, and accessibility.
Thank you for the opportunity to testify. I would be happy to answer any questions the
Committee might have.